From: Greg Kroah-Hartman
Date: Mon, 22 Mar 2021 09:57:27 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.4.263~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aa4585f5452f5a8abb400713ff5d18cc330ace36;p=thirdparty%2Fkernel%2Fstable-queue.git
4.19-stable patches added patches: ext4-do-not-try-to-set-xattr-into-ea_inode-if-value-is-empty.patch ext4-find-old-entry-again-if-failed-to-rename-whiteout.patch ext4-fix-potential-error-in-ext4_do_update_inode.patch genirq-disable-interrupts-for-force-threaded-handlers.patch x86-apic-of-fix-cpu-devicetree-node-lookups.patch
---
diff --git a/queue-4.19/ext4-do-not-try-to-set-xattr-into-ea_inode-if-value-is-empty.patch b/queue-4.19/ext4-do-not-try-to-set-xattr-into-ea_inode-if-value-is-empty.patch
new file mode 100644
index 00000000000..292f0baf2a3
--- /dev/null
+++ b/queue-4.19/ext4-do-not-try-to-set-xattr-into-ea_inode-if-value-is-empty.patch
@@ -0,0 +1,57 @@
+From 6b22489911b726eebbf169caee52fea52013fbdd Mon Sep 17 00:00:00 2001
+From: "zhangyi (F)"
+Date: Fri, 5 Mar 2021 20:05:08 +0800
+Subject: ext4: do not try to set xattr into ea_inode if value is empty
+
+From: zhangyi (F)
+
+commit 6b22489911b726eebbf169caee52fea52013fbdd upstream.
+
+Syzbot report a warning that ext4 may create an empty ea_inode if set
+an empty extent attribute to a file on the file system which is no free
+blocks left.
+
+ WARNING: CPU: 6 PID: 10667 at fs/ext4/xattr.c:1640 ext4_xattr_set_entry+0x10f8/0x1114 fs/ext4/xattr.c:1640
+ ...
+ Call trace:
+ ext4_xattr_set_entry+0x10f8/0x1114 fs/ext4/xattr.c:1640
+ ext4_xattr_block_set+0x1d0/0x1b1c fs/ext4/xattr.c:1942
+ ext4_xattr_set_handle+0x8a0/0xf1c fs/ext4/xattr.c:2390
+ ext4_xattr_set+0x120/0x1f0 fs/ext4/xattr.c:2491
+ ext4_xattr_trusted_set+0x48/0x5c fs/ext4/xattr_trusted.c:37
+ __vfs_setxattr+0x208/0x23c fs/xattr.c:177
+ ...
+
+Now, ext4 try to store extent attribute into an external inode if
+ext4_xattr_block_set() return -ENOSPC, but for the case of store an
+empty extent attribute, store the extent entry into the extent
+attribute block is enough. A simple reproduce below.
+
+ fallocate test.img -l 1M
+ mkfs.ext4 -F -b 2048 -O ea_inode test.img
+ mount test.img /mnt
+ dd if=/dev/zero of=/mnt/foo bs=2048 count=500
+ setfattr -n "user.test" /mnt/foo
+
+Reported-by: syzbot+98b881fdd8ebf45ab4ae@syzkaller.appspotmail.com
+Fixes: 9c6e7853c531 ("ext4: reserve space for xattr entries/names")
+Cc: stable@kernel.org
+Signed-off-by: zhangyi (F)
+Link: https://lore.kernel.org/r/20210305120508.298465-1-yi.zhang@huawei.com
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ext4/xattr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -2419,7 +2419,7 @@ retry_inode:
+ * external inode if possible.
+ */
+ if (ext4_has_feature_ea_inode(inode->i_sb) &&
+- !i.in_inode) {
++ i.value_len && !i.in_inode) {
+ i.in_inode = 1;
+ goto retry_inode;
+ }
diff --git a/queue-4.19/ext4-find-old-entry-again-if-failed-to-rename-whiteout.patch b/queue-4.19/ext4-find-old-entry-again-if-failed-to-rename-whiteout.patch
new file mode 100644
index 00000000000..26b58e1af26
--- /dev/null
+++ b/queue-4.19/ext4-find-old-entry-again-if-failed-to-rename-whiteout.patch
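Review bot: The added `i.value_len` test in the fs/ext4/xattr.c hunk (retry_inode path) has no explanation next to it, and the visible tail of the comment above it still only says the value goes to an external inode "if possible". Per the commit message, the retry after -ENOSPC with a zero-length value is what created the empty EA inode and hit the WARN in ext4_xattr_set_entry(), reached from an ordinary setxattr on a full filesystem, so the reason is worth keeping beside the check. I would extend the existing comment with `An empty value never needs an EA inode; skip the retry so no empty ea_inode is created.` The enclosing function starts and ends outside the hunk.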
@@ -0,0 +1,73 @@
+From b7ff91fd030dc9d72ed91b1aab36e445a003af4f Mon Sep 17 00:00:00 2001
+From: "zhangyi (F)"
+Date: Wed, 3 Mar 2021 21:17:02 +0800
+Subject: ext4: find old entry again if failed to rename whiteout
+
+From: zhangyi (F)
+
+commit b7ff91fd030dc9d72ed91b1aab36e445a003af4f upstream.
+
+If we failed to add new entry on rename whiteout, we cannot reset the
+old->de entry directly, because the old->de could have moved from under
+us during make indexed dir. So find the old entry again before reset is
+needed, otherwise it may corrupt the filesystem as below.
+
+ /dev/sda: Entry '00000001' in ??? (12) has deleted/unused inode 15. CLEARED.
+ /dev/sda: Unattached inode 75
+ /dev/sda: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
+
+Fixes: 6b4b8e6b4ad ("ext4: fix bug for rename with RENAME_WHITEOUT")
+Cc: stable@vger.kernel.org
+Signed-off-by: zhangyi (F)
+Link: https://lore.kernel.org/r/20210303131703.330415-1-yi.zhang@huawei.com
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ext4/namei.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -3440,6 +3440,31 @@ static int ext4_setent(handle_t *handle,
+ return 0;
+ }
+
++static void ext4_resetent(handle_t *handle, struct ext4_renament *ent,
++ unsigned ino, unsigned file_type)
++{
++ struct ext4_renament old = *ent;
++ int retval = 0;
++
++ /*
++ * old->de could have moved from under us during make indexed dir,
++ * so the old->de may no longer valid and need to find it again
++ * before reset old inode info.
++ */
++ old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de, NULL);
++ if (IS_ERR(old.bh))
++ retval = PTR_ERR(old.bh);
++ if (!old.bh)
++ retval = -ENOENT;
++ if (retval) {
++ ext4_std_error(old.dir->i_sb, retval);
++ return;
++ }
++
++ ext4_setent(handle, &old, ino, file_type);
++ brelse(old.bh);
++}
++
+ static int ext4_find_delete_entry(handle_t *handle, struct inode *dir,
+ const struct qstr *d_name)
+ {
+@@ -3736,8 +3761,8 @@ static int ext4_rename(struct inode *old
+ end_rename:
+ if (whiteout) {
+ if (retval) {
+- ext4_setent(handle, &old,
+- old.inode->i_ino, old_file_type);
++ ext4_resetent(handle, &old,
++ old.inode->i_ino, old_file_type);
+ drop_nlink(whiteout);
+ }
+ unlock_new_inode(whiteout);
diff --git a/queue-4.19/ext4-fix-potential-error-in-ext4_do_update_inode.patch b/queue-4.19/ext4-fix-potential-error-in-ext4_do_update_inode.patch
new file mode 100644
index 00000000000..d3ab5516502
--- /dev/null
+++ b/queue-4.19/ext4-fix-potential-error-in-ext4_do_update_inode.patch
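Review bot: ext4_resetent() in the fs/ext4/namei.c patch discards the return value of `ext4_setent(handle, &old, ino, file_type)`, so a failed write-back of the old directory entry during rename rollback is not reported by this helper, while the lookup failure just above it is reported through ext4_std_error(). ext4_setent() is declared `static int` in the hunk context; whether it logs its own failures is not visible here. Because the helper returns void and the caller at end_rename goes on to drop_nlink(whiteout) either way, I would either log the result, `retval = ext4_setent(handle, &old, ino, file_type); if (retval) ext4_std_error(old.dir->i_sb, retval);`, or add a comment stating that the reset is best-effort. ext4_rename() starts and ends outside the second hunk.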
@@ -0,0 +1,47 @@
+From 7d8bd3c76da1d94b85e6c9b7007e20e980bfcfe6 Mon Sep 17 00:00:00 2001
+From: Shijie Luo
+Date: Fri, 12 Mar 2021 01:50:51 -0500
+Subject: ext4: fix potential error in ext4_do_update_inode
+
+From: Shijie Luo
+
+commit 7d8bd3c76da1d94b85e6c9b7007e20e980bfcfe6 upstream.
+
+If set_large_file = 1 and errors occur in ext4_handle_dirty_metadata(),
+the error code will be overridden, go to out_brelse to avoid this
+situation.
+
+Signed-off-by: Shijie Luo
+Link: https://lore.kernel.org/r/20210312065051.36314-1-luoshijie1@huawei.com
+Cc: stable@kernel.org
+Reviewed-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ext4/inode.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -5266,7 +5266,7 @@ static int ext4_do_update_inode(handle_t
+ struct ext4_inode_info *ei = EXT4_I(inode);
+ struct buffer_head *bh = iloc->bh;
+ struct super_block *sb = inode->i_sb;
+- int err = 0, rc, block;
++ int err = 0, block;
+ int need_datasync = 0, set_large_file = 0;
+ uid_t i_uid;
+ gid_t i_gid;
+@@ -5378,9 +5378,9 @@ static int ext4_do_update_inode(handle_t
+ bh->b_data);
+
+ BUFFER_TRACE(bh, "call ext4_handle_dirty_metadata");
+- rc = ext4_handle_dirty_metadata(handle, NULL, bh);
+- if (!err)
+- err = rc;
++ err = ext4_handle_dirty_metadata(handle, NULL, bh);
++ if (err)
++ goto out_brelse;
+ ext4_clear_inode_state(inode, EXT4_STATE_NEW);
+ if (set_large_file) {
+ BUFFER_TRACE(EXT4_SB(sb)->s_sbh, "get write access");
diff --git a/queue-4.19/genirq-disable-interrupts-for-force-threaded-handlers.patch b/queue-4.19/genirq-disable-interrupts-for-force-threaded-handlers.patch
new file mode 100644
index 00000000000..cfff117acad
--- /dev/null
+++ b/queue-4.19/genirq-disable-interrupts-for-force-threaded-handlers.patch
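Review bot: The new `goto out_brelse` in the second fs/ext4/inode.c hunk skips `ext4_clear_inode_state(inode, EXT4_STATE_NEW)` when ext4_handle_dirty_metadata() fails, whereas the old code cleared the flag on both paths; the commit message only talks about the overwritten error code. If leaving EXT4_STATE_NEW set on failure is intended, a one-line comment above the goto saying so would record that decision. The plain assignment `err = ext4_handle_dirty_metadata(handle, NULL, bh);` also drops the old `if (!err)` guard, so it relies on err still being 0 at this point, which only the lines between the two hunks (not shown) can guarantee. ext4_do_update_inode() starts and ends outside both hunks.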
@@ -0,0 +1,70 @@
+From 81e2073c175b887398e5bca6c004efa89983f58d Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Wed, 17 Mar 2021 15:38:52 +0100
+Subject: genirq: Disable interrupts for force threaded handlers
+
+From: Thomas Gleixner
+
+commit 81e2073c175b887398e5bca6c004efa89983f58d upstream.
+
+With interrupt force threading all device interrupt handlers are invoked
+from kernel threads. Contrary to hard interrupt context the invocation only
+disables bottom halfs, but not interrupts. This was an oversight back then
+because any code like this will have an issue:
+
+thread(irq_A)
+ irq_handler(A)
+ spin_lock(&foo->lock);
+
+interrupt(irq_B)
+ irq_handler(B)
+ spin_lock(&foo->lock);
+
+This has been triggered with networking (NAPI vs. hrtimers) and console
+drivers where printk() happens from an interrupt which interrupted the
+force threaded handler.
+
+Now people noticed and started to change the spin_lock() in the handler to
+spin_lock_irqsave() which affects performance or add IRQF_NOTHREAD to the
+interrupt request which in turn breaks RT.
+
+Fix the root cause and not the symptom and disable interrupts before
+invoking the force threaded handler which preserves the regular semantics
+and the usefulness of the interrupt force threading as a general debugging
+tool.
+
+For not RT this is not changing much, except that during the execution of
+the threaded handler interrupts are delayed until the handler
+returns. Vs. scheduling and softirq processing there is no difference.
+
+For RT kernels there is no issue.
+
+Fixes: 8d32a307e4fa ("genirq: Provide forced interrupt threading")
+Reported-by: Johan Hovold
+Signed-off-by: Thomas Gleixner
+Reviewed-by: Johan Hovold
+Acked-by: Sebastian Andrzej Siewior
+Link: https://lore.kernel.org/r/20210317143859.513307808@linutronix.de
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/irq/manage.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -987,11 +987,15 @@ irq_forced_thread_fn(struct irq_desc *de
+ irqreturn_t ret;
+
+ local_bh_disable();
++ if (!IS_ENABLED(CONFIG_PREEMPT_RT))
++ local_irq_disable();
+ ret = action->thread_fn(action->irq, action->dev_id);
+ if (ret == IRQ_HANDLED)
+ atomic_inc(&desc->threads_handled);
+
+ irq_finalize_oneshot(desc, action);
++ if (!IS_ENABLED(CONFIG_PREEMPT_RT))
++ local_irq_enable();
+ local_bh_enable();
+ return ret;
+ }
diff --git a/queue-4.19/series b/queue-4.19/series
index 3b69a1a7473..664985ee065 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -37,3 +37,8 @@ x86-ioapic-ignore-irq2-again.patch
 kernel-fs-introduce-and-use-set_restart_fn-and-arch_set_restart_data.patch
 x86-move-ts_compat-back-to-asm-thread_info.h.patch
 x86-introduce-ts_compat_restart-to-fix-get_nr_restart_syscall.patch
+ext4-find-old-entry-again-if-failed-to-rename-whiteout.patch
+ext4-do-not-try-to-set-xattr-into-ea_inode-if-value-is-empty.patch
+ext4-fix-potential-error-in-ext4_do_update_inode.patch
+genirq-disable-interrupts-for-force-threaded-handlers.patch
+x86-apic-of-fix-cpu-devicetree-node-lookups.patch
diff --git a/queue-4.19/x86-apic-of-fix-cpu-devicetree-node-lookups.patch b/queue-4.19/x86-apic-of-fix-cpu-devicetree-node-lookups.patch
new file mode 100644
index 00000000000..adb7598b4fd
--- /dev/null
+++ b/queue-4.19/x86-apic-of-fix-cpu-devicetree-node-lookups.patch
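Review bot: The `!IS_ENABLED(CONFIG_PREEMPT_RT)` guards added to irq_forced_thread_fn() in the kernel/irq/manage.c patch depend on a Kconfig symbol that, as far as I know, is not defined in the 4.19 tree (it entered mainline later), in which case IS_ENABLED() evaluates to 0 and interrupts are always disabled around the handler. That is the intended result for a stock 4.19 build, but an RT tree based on 4.19 that names its option differently would silently get the non-RT behaviour. A backport comment above the first guard, for example `/* 4.19: CONFIG_PREEMPT_RT is not defined here, so this always disables interrupts; RT trees must adjust the symbol */`, would make that visible. The function's signature line is outside the hunk.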
@@ -0,0 +1,51 @@
+From dd926880da8dbbe409e709c1d3c1620729a94732 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Fri, 12 Mar 2021 10:20:33 +0100
+Subject: x86/apic/of: Fix CPU devicetree-node lookups
+
+From: Johan Hovold
+
+commit dd926880da8dbbe409e709c1d3c1620729a94732 upstream.
+
+Architectures that describe the CPU topology in devicetree and do not have
+an identity mapping between physical and logical CPU ids must override the
+default implementation of arch_match_cpu_phys_id().
+
+Failing to do so breaks CPU devicetree-node lookups using of_get_cpu_node()
+and of_cpu_device_node_get() which several drivers rely on. It also causes
+the CPU struct devices exported through sysfs to point to the wrong
+devicetree nodes.
+
+On x86, CPUs are described in devicetree using their APIC ids and those
+do not generally coincide with the logical ids, even if CPU0 typically
+uses APIC id 0.
+
+Add the missing implementation of arch_match_cpu_phys_id() so that CPU-node
+lookups work also with SMP.
+
+Apart from fixing the broken sysfs devicetree-node links this likely does
+not affect current users of mainline kernels on x86.
+
+Fixes: 4e07db9c8db8 ("x86/devicetree: Use CPU description from Device Tree")
+Signed-off-by: Johan Hovold
+Signed-off-by: Thomas Gleixner
+Link: https://lore.kernel.org/r/20210312092033.26317-1-johan@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/apic/apic.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/x86/kernel/apic/apic.c
++++ b/arch/x86/kernel/apic/apic.c
+@@ -2279,6 +2279,11 @@ static int cpuid_to_apicid[] = {
+ [0 ... NR_CPUS - 1] = -1,
+ };
+
++bool arch_match_cpu_phys_id(int cpu, u64 phys_id)
++{
++ return phys_id == cpuid_to_apicid[cpu];
++}
++
+ #ifdef CONFIG_SMP
+ /**
+ * apic_id_is_primary_thread - Check whether APIC ID belongs to a primary thread
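Review bot: arch_match_cpu_phys_id() indexes cpuid_to_apicid[] with `cpu` unchecked and compares the `int` entry directly with a `u64`. Every slot is initialised to -1 (visible just above the new function), and -1 converts to the all-ones u64 value, so an unpopulated CPU would match a phys_id of ~0ULL; a `cpu` outside 0..NR_CPUS-1 reads outside the array. The callers are not visible here and may only ever pass valid CPU numbers, but a defensive form costs little: `return cpu >= 0 && cpu < NR_CPUS && cpuid_to_apicid[cpu] >= 0 && phys_id == (u64)cpuid_to_apicid[cpu];`.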